b50495bebe
短信(SMS_MOCK 切 mock/real): - integrations/sms.py 重写: real 模式走极光短信 REST /v1/messages 自定义验证码(本服务 secrets 生成 6 位码 + 进程内存 + 本地校验一次性/防爆破), 鉴权复用极光一键登录 JG_APP_KEY/MASTER_SECRET (同一极光应用, 上线只需 SMS_MOCK=false); mock 仍"任意6位通过"不动其余测试 - 防刷四层: 单号冷却 + 单号每日上限 + 单IP rate_limit(/sms/send 10/min、/sms/login 20/min) + 单码失败次数作废; SmsError 带 status_code 映射 429/503/400 - config 增 SMS_SEND_ENDPOINT/SIGN_ID/TEMPLATE_ID/CODE_LENGTH/DAILY_LIMIT/MAX_VERIFY_ATTEMPTS; test_auth 加 real 模式单测; sms.md/后端技术实现/待办账本同步 admin 后台(app/admin/ 独立子应用, uvicorn app.admin.main:admin_app :8771): - 复用主仓 models/repositories/integrations + 同库, 鉴权完全隔离(ADMIN_JWT_SECRET≠JWT_SECRET_KEY + payload typ=admin + bcrypt 密码 + 可选 IP 白名单); 主 app 不 import 本包, admin 崩不影响主进程 - 路由: 登录 / 账号管理(RBAC: super_admin·finance·operator) / 用户列表+360详情+封禁+手动调币 / 钱包流水 / 提现重试对账 / 反馈工单 / 数据大盘; 全写操作落 admin_audit_log(涉钱与业务写同事务) - 涉钱逻辑(调微信/退款/对账)复用 app.repositories.wallet 不重写 - 新增 models/admin.py(AdminUser/AdminAuditLog) + admin_tables 迁移 + create_admin.py + deploy/shaguabijia-admin.service; 依赖加 bcrypt Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
71 lines
2.1 KiB
Python
71 lines
2.1 KiB
Python
"""admin_audit_log 写入 + 查询。
|
|
|
|
审计日志只增不改不删——任何写操作经 app.admin.audit.write_audit 落一条。
|
|
"""
|
|
from __future__ import annotations
|
|
|
|
from sqlalchemy import select
|
|
from sqlalchemy.orm import Session
|
|
|
|
from app.models.admin import AdminAuditLog
|
|
|
|
|
|
def add_audit_log(
|
|
db: Session,
|
|
*,
|
|
admin_id: int,
|
|
admin_username: str,
|
|
action: str,
|
|
target_type: str,
|
|
target_id: str | None = None,
|
|
detail: dict | None = None,
|
|
ip: str | None = None,
|
|
commit: bool = True,
|
|
) -> AdminAuditLog:
|
|
"""插一条审计。commit=False 时只 flush,让调用方把审计和业务写操作放同一事务。"""
|
|
log = AdminAuditLog(
|
|
admin_id=admin_id,
|
|
admin_username=admin_username,
|
|
action=action,
|
|
target_type=target_type,
|
|
target_id=target_id,
|
|
detail=detail,
|
|
ip=ip,
|
|
)
|
|
db.add(log)
|
|
if commit:
|
|
db.commit()
|
|
db.refresh(log)
|
|
else:
|
|
db.flush()
|
|
return log
|
|
|
|
|
|
def list_audit_logs(
|
|
db: Session,
|
|
*,
|
|
action: str | None = None,
|
|
target_type: str | None = None,
|
|
admin_id: int | None = None,
|
|
limit: int = 50,
|
|
cursor: int | None = None,
|
|
) -> tuple[list[AdminAuditLog], int | None]:
|
|
"""游标分页(id 倒序),与现有 list_* 约定一致。返回 (rows, next_cursor)。"""
|
|
stmt = select(AdminAuditLog)
|
|
if action:
|
|
stmt = stmt.where(AdminAuditLog.action == action)
|
|
if target_type:
|
|
stmt = stmt.where(AdminAuditLog.target_type == target_type)
|
|
if admin_id is not None:
|
|
stmt = stmt.where(AdminAuditLog.admin_id == admin_id)
|
|
if cursor is not None:
|
|
stmt = stmt.where(AdminAuditLog.id < cursor)
|
|
stmt = stmt.order_by(AdminAuditLog.id.desc())
|
|
rows = list(db.execute(stmt.limit(limit + 1)).scalars().all())
|
|
has_more = len(rows) > limit
|
|
items = rows[:limit]
|
|
# next_cursor 必须是"本页返回的最后一条"的 id(下一页查 id < 它),不能用 rows[limit]——
|
|
# rows[limit] 是探测下一页用的第 limit+1 条,它既不在本页也不在下页 → 每页边界丢一条。
|
|
next_cursor = items[-1].id if has_more else None
|
|
return items, next_cursor
|